Discovering non managed devices in a network such as a lan using http

ABSTRACT

The topology of a computer network may be by the process of discovery in which each of the devices of the network is interrogated to thereby produce details of the network and its operation, preferably in the form of a network map which may be displayed on a visual display unit showing the devices and links between the devices. At its simplest, and where the device is a “managed” device, this information is usually provided by interrogation using a known protocol, such as the SNMP (Simple Network Management Protocol), of the so-called ‘agent’ of each device which stores the device&#39;s unique MAC address, the type of device and the MAC addresses embedded in the data passing into a particular port which thereby gives the MAC addresses of the origin of the data and hence the MAC address of the devices which are connected to the ports directly or indirectly. 
     However, many devices are not SNMP enabled and so the discovery or interrogation of the network produces a result which indicates that these non SNMP enabled devices are displayed as “generic” devices. 
     There is described a device for use in a network, said device including information identifying the device, which information is made accessible during HTTP (Hyper Text Transfer Protocol) authentication procedure.

BACKGROUND OF THE INVENTION

The present invention relates to a method and apparatus for discovering non managed devices (e.g. devices that do not have an SNMP (Simple Network Management Protocol) agent) in a network such as a LAN (Local Area Network) or other network. The preferred embodiment of the present invention relates to the discovery of devices that do not have an SNMP agent but do include an embedded web agent.

The present invention relates to the process of discovery of the devices on network, that is a network of electronic devices comprising, for example, workstations, personal computers, servers, hubs, routers, bridges, switches, (hereinafter referred to as devices of the network), and links between these devices which may be in the form of physical cable or wireless links. The network may be a local area network (LAN), such as an Ethernet network, wide area network (WAN) or other types, including wireless networks.

Computers and other devices connected to a network may be managed or unmanaged devices. A managed device has processing capability, which enables it to monitor data traffic sent from, received at, and passing through the ports of the device. Monitored data associated with the ports of the network device is stored in memory on the network device. For example, data relating to the origin of a data packet which is received at a port is stored along with the identity of the relevant port.

After such a network has been installed, it is desirable for the person appointed network manager to be able to understand the technical operation of the network. In known network management systems, the manner in which the relevant data is retrieved from the managed devices, compiled and displayed “discovered” has been problematic in several respects. Primarily the data does not provide information about unmanaged (eg non SNMP enabled) devices.

The topology of the network may be deduced by the network manager's computer by the process of discovery in which each of the devices of the network is interrogated to thereby produce on a network manager's workstation details of the network and its operation, preferably in the form of a network map which may be displayed on a visual display unit showing the devices and links between the devices. At its simplest, and where the device is a “managed” device, this information is usually provided by interrogation using a known protocol, such as the SNMP (Simple Network Management Protocol), of the so-called ‘agent’ of each device which stores the device's unique MAC address, the type of device and the MAC addresses embedded in the data passing into a particular port which thereby gives the MAC addresses of the origin of the data and hence the MAC address of the devices which are connected to the ports directly or indirectly.

Many devices are not SNMP enabled and so the discovery or interrogation of the network produces a result which indicates that these non SNMP enabled devices are displayed as “generic” devices.

It would be desirable if one were able to deduce more information about these generic devices, that is non-SNMP enabled devices, and the present invention provides a method of doing so.

SUMMARY OF THE INVENTION

The present invention provides a device for use in a network, said device including information identifying the device, which information is made accessible during HTTP (Hyper Text Transfer Protocol) authentication procedure.

In one arrangement, where the device implements a security mechanism, the device includes means whereby the identifying information is transmitted in response to a challenge request.

In an alternative arrangement, in which the device does not implement a security mechanism, the information identifying the device is added to the head section of an HTML document provided in response to a request by the user.

BRIEF DESCRIPTION OF THE DRAWING

A preferred embodiment of the invention will now be described by way of example only and with reference to the accompanying drawing which is a flow chart of a method of discovery of devices, which method includes steps for discovering HTTP enabled but not SNMP enabled devices on a network, which HTTP enabled devices may or may not include a security mechanism.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The physical network to be discovered may comprise a plurality of devices in the form of a network supervisor's workstation or computer, other workstations, hubs, or switches.

The devices are connected together by means of links which may be hard wired or wireless and utilise any desired protocol.

The network supervisor's workstation includes, in addition to a visual display unit, a central processing unit or signal processor, a selector which may be in the form of a mouse, a program store which may comprise, for example, a CD drive, a floppy disk drive or a zip drive, and a memory for storing a program which may have been loaded from the program store or downloaded for example via Internet from a website.

To discover the network, using SNMP, the network supervisor's computer interrogates each device and analyse the network, and stores in the memory the information relating to the devices within the network and the links between the devices. In essence, managed devices include a so-called agent which in the case of an SNMP agent stores information about the device such as its unique MACaddress, its Sys Object ID (which identifies what the device is and its model type), how many ports it has, and the MAC address of the origin of the data which at least some of the ports have received and hence to which they are directly or indirectly connected. The computer interrogates the agents of each device.

In a preferred arrangement, the computer may, on command from the selector, process signals from the memory by the signal processor and provide on the visual display unit a network map showing each of the devices and the links therebetween. In the examples described, the network is simple but of course in many instances the network will be considerably more complex and it may be necessary to arrange that the visual display unit only shows a simplified version or only part of the network at any one time.

As mentioned above, however, whilst many devices may support (ie communicate using) the SNMP protocol and hence will be discovered and represented by the relevant icon in its correct location on the network map, some devices do not support the SNMP protocol. Examples of such devices are simple switches, network appliances such as firewalls and web caches and indeed work stations. Thus discovering the network using SNMP (or indeed any other related protocol) will mean that these devices will appear as icons representing unmanaged generic devices, in other words, the SNMP protocol will not allow for proper discovery of the identity of these devices. The inventors of this invention have invented an alternative method of identifying these non-SNMP enabled devices and providing relevant details by using a different protocol, ie not SNMP.

Some or all of the devices which are not SNMP enabled will be HTTP enabled.

As is known, a device which is HTTP enabled (which includes many devices including, for example, network device such as a firewall) receives HTTP requests on its TCP port 80. The device may or may not include a security mechanism and we will describe alternative arrangements covering the two cases.

Devices with Security Mechanism Http Authentication Mechanism

Firstly, it will be assumed that the device includes a security mechanism in which the device will only allow access to a client if the client is authorised. Thus the device's files and resources are protected by the standard HTTP authentication mechanism. When a web client (for example, a browser) requests a document or resource from an HTTP enabled device, the device requires the web client to authenticate itself so as to establish that the client is authorised to access the document or resource. The device using HTTP identifies the authentication of realm which applies to the requested resource and also the authentication mechanism.

For example, the web client requests information from the HTTP device by passing a request to the device as follows:

GET /

HTTP/1.0  (1)

(i.e. the web client has requested information and has set out the protocol required.)

The device may respond to this where there is security by returning the following message:

HTTP/1.0 401 unauthorised  (2)

WWW-Authenticate: Basic realm=“device”  (3)

The device will then normally pass to the web client a dialog box requesting a valid user name and password for the requested resource in the named security realm (in this case “device”). The web client then re-requests the resource from the device, using an authorisation field which identifies the authentication mechanism and the encoded or encrypted user response:

GET /

HTTP/1.0

Authorisation: basic YwrTaW46

When the string “YwrTaW46” is decoded by the device using the “Basic” authentication mechanism, it yields the username and password. If valid, the requested resource is then returned to the web client.

In the present arrangement the HTTP authentication mechanism is extended by adding device identification information to the challenge request. When the network supervisor's computer (acting like the “web client” above) interrogates the HTTP enabled device, it makes an HTTP request (line (1) above) for a device resource and receives back the response (lines (2) and (3) above) and in addition device identification information. For example device response is changed as follows:

HTTP/1.0 401 unauthorised  (2)

WWW-Authenticate:Basic realm=“1.2.3.4.5.6”  (3A)

(Where the identity of the device is “1.2.3.4.5.6”)

The computer can then extract the device identification information by analysing the “realm” field of the authentication challenge. Thus in this new arrangement, the computer simply makes a HTTP request for a device resource and then extracts the device type information by analysing the “realm” field of the authentication challenge.

The device type information can be defined either statically (during the software development for the device) or dynamically upon receipt of a HTTP request by the device.

Device Without Security Mechanism

In alternative arrangements where device security is not provided the arrangement is as follows.

Thus where the device's files and resources are not protected by an HTTP authentication mechanism, the device type information is supplied by embedding this information in the document's <HEAD> section using a HTMP <META> tag.

The <HEAD> section of a HTML document is intended to supply information about the document. Within the <HEAD> section, it is proposed to use the HTML 4.0 standard <META> tag to supply the device type information. The <META> tag is used to declare a document property (eg author, title, keyword) and a value associated with that property. In this arrangement, a document property called “sysObjectID” is defined in the <HEAD> section and the value of the device type is assigned to it.

Typically, Web servers are configured to return a predetermined page if no page has been explicitly requested by the user. This is called the “index” page. The present arrangement embeds the device type information in the <HEAD> section of the index page as follows:

<HTML> <HEAD> <META NAME =”sysObjectID” CONTENT=”1.2.3.4.5.6”> --- --- --- </HEAD> <BODY> --- --- --- </BODY> </HTML>

Having deduced the identification information of the device, the network manager's computer is then able to produce a network map on which the device is identified with the relevant information. For example, that information may set out what the device is (work station, printer, etc), what model of device it is (that is the manufacturer and model number), the configuration of the device, the status of the device and such other information as may be useful.

The preferred method of the invention is carried out under the control of the network manager's workstation or computer and in particular by means of a program controlling the processor apparatus of that computer or elsewhere in the system.

The program for controlling the operation of the invention may be provided on a computer readable medium, such as a CD, or a floppy disk, or a zip drive disk carrying the program or their equivalent, or may be provided on a computer or computer memory carrying the website of, for example, the supplier of the network products. The program may be downloaded from whichever appropriate source and used to control the processor to carry out the steps of the invention as described.

The program may include an algorithm of the form set out in the flow chart of the drawings.

Thus the program may include the following steps:

-   program step 101, to cause the network manager's computer to ping a     device; -   program step 102, to receive sysObjectID from pinged device; -   program step 103, was obtaining sysObjectID successful? -   if obtaining sysObjectID was successful, (i.e. the device supports     SNMP), at program program step 104, identify the device type based     on sysObjectID and display device type on network map; -   if obtaining sysObjectID was unsuccessful, at program step 105,     request index page of the device using HTTP; -   at program step 106, was HTTP request successful? -   if HTTP request was not successful (device has no embedded web     agent) in step 107, display device as generic device on network map; -   if HTTP request was successful, at program step 108 was it an     authentication challenge? -   if yes, at program step 109 use realm for device type identification     and display relevant device type on network map; -   if no, at program step 110, parse returned HTTP for proprietary OID     meta field; program step 111, was OID meta field found?; -   if no, program step 112, display generic type device on network map; -   if yes, at program step 113, use OID meta field to obtain device     type ID and display relevant device on network map.

The invention is not restricted to the details of the foregoing example. 

1-16. (canceled)
 17. A computer comprising: a processor; and a memory on which is stored machine readable instructions that are to cause the processor to: send an unauthorized hypertext transfer protocol (HTTP) request to a device over a network as part of a discovery operation of the device, wherein the device is to generate a HTTP challenge request in response to receipt of the unauthorized HTTP request; receive the generated HTTP challenge request, wherein the HTTP challenge request includes a string containing information that identifies the device; and extract the information that identifies the device from the string included in the HTTP challenge request to discover the device.
 18. The computer according to claim 17, wherein the machine readable instructions are further to cause the processor to: generate a response to the received HTTP challenge request, wherein the response is to be used by the device to authorize the computer to access a resource on the device; and send the generated response to the device.
 19. The computer according to claim 17, wherein the string is a parameter of a REALM field in the challenge request.
 20. The computer according to claim 17, wherein the HTTP request is a request for a resource on the device.
 21. The computer according to claim 17, wherein the machine readable instructions are further to cause the processor to display the information that identifies the device on a network map.
 22. The computer according to claim 17, wherein the machine readable instructions are further to cause the processor to: request a sys ObjectID from the device as part of the discovery operation of the device; determine whether the request for the sys ObjectID from the device was unsuccessful; and send the unauthorized HTTP request for a web page to the device in response to a determination that the request for the sys ObjectID from the device was unsuccessful.
 23. The computer according to claim 22, wherein the machine readable instructions are further to cause the processor to: receive a response from the device; determine that the response from the device is a HTTP challenge request including the string containing information that identifies the device; and extract the information that identifies the device from the challenge request to identify the device.
 24. A method of collecting information on a device in a network by a computer, said method comprising: sending, by the computer, an unauthorized hypertext transfer protocol (HTTP) request to the device over a network as part of a discovery operation of the device, wherein the device is to generate a HTTP challenge request in response to receipt of the unauthorized HTTP request; receiving, by the computer, the generated HTTP challenge request, wherein the HTTP challenge request includes a string containing information that identifies the device; and extracting, by the computer, the information that identifies the device from the string included in the HTTP challenge request to discover the device.
 25. The method according to claim 24, further comprising: generating a response to the received HTTP challenge request, wherein the response is to be used by the device to authorize the computer to access a resource on the device; and sending the generated response to the device.
 26. The method according to claim 24, further comprising: displaying the information that identifies the device on a network map.
 27. The method according to claim 24, wherein sending the unauthorized HTTP request further comprises sending the unauthorized HTTP request following an unsuccessful attempt to obtains a sys ObjectID from the device.
 28. A computer comprising: a processor; and a memory on which is stored machine readable instructions that are to cause the processor to: send a hypertext transfer protocol (HTTP) request for a web page to a device over a network as part of a discovery operation of the device, wherein the device is to generate a HTML encoded document in response to receipt of the HTTP request; receive the generated HTML encoded document, wherein the generated HTML encoded document includes a <HEAD> section, wherein the <HEAD> section includes a <META> tag that includes a string containing information that identifies the device; and extract the information that identifies the device from the string included in the <HEAD> section of the HTML document to discover the device.
 29. The computer according to claim 28, wherein the machine readable instructions are further to cause the processor to: parse the <HEAD> section of the HTML document to extract the information that identifies the device from the string included in the <HEAD> section of the HTML document.
 30. The computer according to claim 28, wherein the string is a parameter of a REALM field in the challenge request.
 31. The computer according to claim 28, wherein the machine readable instructions are further to cause the processor to display the information that identifies the device on a network map.
 32. A method comprising: sending, by a computer, a hypertext transfer protocol (HTTP) request for a web page to a device over a network as part of a discovery operation of the device, wherein the device is to generate a HTML encoded document in response to receipt of the HTTP request; receiving, by the computer, the generated HTML encoded document, wherein the generated HTML encoded document includes a <HEAD> section, wherein the <HEAD> section includes a <META> tag that includes a string containing information that identifies the device; and extracting, by the computer, the information that identifies the device from the string included in the <HEAD> section of the HTML document to discover the device.
 33. The method according to claim 32, further comprising: displaying, by the computer, the information that identifies the device on a network map. 